CVE-2022-32151 : The httplib and urllib Python libraries that Splunk shipped with Splunk Enterpri

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.

Published 2022-06-15 17:15:09

Updated 2022-06-24 01:24:09

Source Splunk Inc.

View at NVD, CVE.org

Products affected by CVE-2022-32151

Splunk » Splunk » Enterprise Edition
Versions before (<) 9.0
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Matching versions
Splunk » Splunk Cloud Platform
Versions before (<) 8.2.2203
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-32151

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-32151

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	3.9	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None
7.4	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N	2.2	5.2	Splunk Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2022-32151

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.
Assigned by:
- nvd@nist.gov (Primary)
- prodsec@splunk.com (Secondary)

References for CVE-2022-32151

https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/

Splunk protocol impersonation weak encryption simplerequest - Splunk Security Content
Mitigation;Vendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation

Configure TLS certificate host name validation - Splunk Documentation
Vendor Advisory

CVEs referencing this url
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html

SVD-2022-0601 | Splunk
Vendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates

Security updates - Splunk Documentation
Release Notes;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-32151

Products affected by CVE-2022-32151

Exploit prediction scoring system (EPSS) score for CVE-2022-32151

CVSS scores for CVE-2022-32151

CWE ids for CVE-2022-32151

References for CVE-2022-32151